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(57) Abstract 



In a method and a de- 
vice for partial encryption and 
oroercssive transmission of im- 
aged a first section of the un- 
ak file is compressed at reduced 

quality without decryption, and 
a second section of me image 

file is encrypted. Users having 
^to^pr^dec^r 
keywords can decrypt th.s sec- 
ond section. The first secuon 
together with the decrypted sec- 
^ section can ften be v,ewed 

as a full quality image. The stor- 
| age space required for stonng the 

first and section together is es- 
1 Sny the same as the stor- 
age space required for stonng 
the unencrypted full quahty mv 
aee By using the method and 
device as described herein stor- 
age and bandwidth requirements 
for partially encrypted images is 
reduced. Furthermore, object 
based composition and process- 
ing of encrypted objects are fa 
cmtated. .and ROls ^ be en- 
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A METHOD AND A DEVICE FOR ENCRYPTION OP IMAGES 
TECHNICAL FIELD 

The present invention relates to a method and a device for 
encrypting images. 

BACKGROUND OF THE INVENTION AND PRIOR ART 

Encryption of digital data is a technical field which becomes 
important when transmitting and storing secret information or 
information which only shall be available to a user paying f or 
the information. Thus, several methods for encrypting digital 
data are in frequent use. Such methods can also be applied also 
to digital image data. Examples of encryption methods are DES, 
triple DES and the public-key RSA method. 

Digital images can be stored on servers and distributed over a 
telecommunication network as digital image data. Images can also 
be distributed using a physical storage medium such as a CD ROM. 
Service providers need to establish access control that suits 
"rbuLess model. In this context it might be suitable . to 
offer partial access to one set of users and full access t 
I .f of users Thus, some of the image data must be 
another set of users, mus, ^-vina full access 

encrypted in order to prevent all users from having 

to all image data. 

v™» offered for sale on the Internet. 
Hews photosraphs e- ^ cMumtB „ do „nload a 

version of the image witu service and 

journals, that want to publish an image, pay for the 
™en allowed to download a full quality image. 

v, service provider wants to minimize storage space 
However such a service pro ^ ^ alternatively 

and download bit rates. An g v CD _ ROM s are given 

want to distribute images on e.g. - 

the images at a 
away or sold for a low price. Customers can r ^ 
reduced quality, but they *ust pay for ™9 sCorage 
^lity. » toe case the i^age provx dar wan" to 
Ipace on the CD-ROM as efficiently as possible. 
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It is also essential that customers always can access images 
using user friendly, standardised software. Image providers are 
reluctant to design and support special image viewers and 
customers don't want a proliferation of viewing tools. 

Presently, image providers have to store two versions of the 
images stored. The full quality version is stored as an 
encrypted image file. This means that the image first is 
compressed and stored in a compressed file format such as JPEG 
or GIF. The compressed file is then encrypted using a suitable 
encryption tool and an encrypted image file is stored. The user 
must first decrypt this file and then access the resulting 
compressed image file using an image viewing tool. Reduced 
quality images are produced by processing the full quality 
images in an image editing program. They are stored as separate 
compressed image files. 

The problem with this solution are that at least «° ««™ 
versions o£ the same image need to he stored, and that both 
versions must also be transmitted over the network in case of 

access in the case a customer first wants to see the free 
irresolution image before paying for the full resolution 
version. 

^is results in a significant disadvantage if the reduced 

„ larae fraction of the image 

-TouTl ZZZZX broiled unhanding of 

, * accepts only the highest quality for 

the image content and accepts o y reQuire 10 -50% of the 

printing. The reduced quality image could require 
storage space of the full quality image. 

eHU coding standard JPEG 2000, 

^rz rr:r ^stopouios «... —ooo 

trtfication -el version.O includes man^ ^ 

functionalities in " cuUr , metho ds for creating a 

techniques. They include, in parti : . acion dOT , a in 

wide range of progressive image formats. 
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can select a suitable progression mode. Individual objects 
within images can be accessed separately in the JPEG 2000 
bitstream and progressive transmission can be applied also to 
objects, in JPEG 2000 there is also support for independently 
decodable coding units. 



SUMMARY 



It is an object of the present invention to overcome the 
problems as outlined above and in particular to reduce the 
amount of memory required for storing an image, which partially 
shall be possible to view, and also to reduce transmission time 
in a transmission scheme transmitting partially encrypted 



images. 



This object and others are obtained by a technique for partial 
encryption and progressive transmission of images where a first 
section of the image file can be decompressed at reduced quality 
without decryption, i.e. the first low quality image is not 
encrypted, and where a second section of the image file 
encrypted . 

— — — ™r r^jsrcr^ z 

decrypt this second section, me -,,-iitv 
ae<~iyf*- . viewed as a full quality 

decrypted second section can then be viewed a 

T The storage space required for storing the first and 
ima ge. The forage * sajne ag the storag e space 

section together is essentiaixy ™iitv image. The 

required for storing the unencrypted full quality imag 

"crfon compared to the unencrypted second section. 

, .„ be oartitioned into multiple sections where 
The j^^/^ with m individual encryption 

each section may be encrypu , unencrypted, 

method and Keyword. Some "^^^LTscrfhed 
ftn important element o£ the method and device as 
T that the compressed images consist o£ a set o 

herein is that tne comp es it 

r^inn entropy decoding, 
domain without performing entropy 
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A reduced quality image can be produced according to several 
different main schemes, such as: 

1) Reduced resolution 

2) Reduced accuracy of the transform coefficients. 

3) Exclusion of predefined regions of interest (ROD 

These methods can be combined so that a reduced quality image is 
e.g. produced by reducing both the resolution and the accuracy 
of the transform coefficients. 

By using the method and device for storing and transmitting 
ianage data as described herein, several advantages are obtained. 
Thus, there is no need to store two different versions of an 
image if different users are to have access to different quality 
of the one and same image. Also, transmission times become much 
lower if the information content of the first, low resolution 
ilge data can be reused when transmitting the higher resolute 
image data- 

BRIEF DESCRIPTION OF THE DRAWINGS ,„.„<, „ d 

The present invention will now be described m .ore detarl end 
with reference to the accompanying drawings, rn whrch. 



Pig I is a genera! view of the file structure of an image 
"- ngs. Ya and 2b shows encryption of images coded according to 

the JPEG 2000 standard. carried out 

- Fig. 3 is a flow chart illustrating some steps earned 

when encrypting an image. process. 

- Fig. 4 is a diagram illustrating a client server p 

- Fig- 5 is a view of an encryption header 

rTrn" view of the file structure of an original, 

consists of a number o f ile P structure shown in Fig- 

sections 101, 103 and 10 . J» t£ version of a high 

1, the section 101, which is a low therefore 

, • is coded without encryption and 

resolution image, is cous- 
be possible to decode by any receiver. 
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Tfce section 103, which comprises data, which combined wxth the 
data o£ section 101. result in a medium resolution versron of 
^e high resolution image, is encrypted using a first encryption 
method, and only receivers having access to the correct 

encryption Key will be ahle to decode the data stored in the 

section 103 . 

The section 105, which comprises data, which combined with the 
Tta of section 101 and 103 results in a full resolution version 
of the high resolution image, is encrypted using a second 
encryption method, and only receivers having access to the 
encryption key will be able to decode the data stored m the 
section 105. 

Thus, decoding of the section 101 will result in a low 
resolution image version 107. Decryption 109 and decoding o£ the 
section 103 will, comhined with the image data from the secern 
10 1 result in a medium resolution image 111. Decrypts 113 and 
» 7L of the section 105 will, combined with the image data 
Z£Z sectTJ iOl and 103 result in a full resolution is.age 



115. 



t-v,o tpfg 2000 standard without 
Furthermore, implementation in the JPEG 2000 Qn 

ROI, see Charilaos Christopoulos (ad J JPEG 200 

o n Ascribes how each coding unit oj. 
Model Versxon 2.0, ™> bitst ream so that a wide 

2000 bitstream can be inserted in u 
range of progressive modes can be supported. 

^ o n a coding unit is a part of 
„ op TC 2000 verification »od o£ . given 

th e hitstream tha ; ^ described as any 

subband. in general, a coding uni . The general 

reifies the next coding unit lit 
called tags that specifies c bitp lane order is 

sufficient to specify the subband ^ „ tha t 

^own) . Several specific modes =-be^ ^ ^ 

defines a default coding unit order thus sav 
are needed for inserting explicit tags. 
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in Figs. 2a and 2b block diagrams describing how encryption can 
be implemented in the JPEG 2000 encoder and decoder 
respectively, are shown. 

Thus, in Fig 2a a block diagram where encryption is P^°™ ed 
after entropy coding in the encoder is shown. Codxng unxts enter 
an entropy coding bloc, 201. In the block 201 codxng the coding 
units are entropy coded using some suitable entropy code. The 
output from the block 201 is fed to a selector which selects a 
suitable encryption method for each entropy coded codxng unit, 
some coding units can be selected to not be encrypted at all. 

in response to the selection made in the selector 203 the 
entropy coded coding units are encrypted in a block 205. The 
encrypted coding units together with the not encrypted codxng 
units then form a combined output data stream, which can be 
stored or transmitted. 



In response to the sexton made in e selec t«as t _ 

entropy coded coding unrts are codlng ^ are 

suitable ^IZcTZ tZ ^T^ the coding -its 
then fed to the block 255. in decryption 
Iron, fed directly fro- the selector 251 and fro 

bl oek 253 are entropy which is fed 

output data stream corresponding to the data 
to the entropy coding block 201 in Fig. 2a. 

„ if in the transmission scheme as shown in the 
E ach codrng unrt ^ independently encrypted block. 

Pigs. 2a and 2b xs hand! separately with any user 

Each coding unit can units in the same im*ge 
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encryption method used can further be an encryption algorithm 
combined with a keyword or a method for generating keywords. 

Different encryption methods can in such an embodiment have 
identical algorithms but different keywords. Encryption Method 
Description (BHD) as shown in Figs. 2a and 2b is any global data 
such as session keywords or algorithm identifiers that xs needed 
to specify the Encryption Method. Unit Encryption State (DBS) xs 
a symbol that for each coding unit defines how it is encrypted. 

in Fig. 3, a flow chart illustrating different steps carried out 
when encrypting an image are shown. First, in a step 301, an 
image to be partially encrypted is received. The image recexved 
in step 301 is then coded using a coding algorithm generatxng 
independently decodable coding units, e.g. JPEG 2000, in a step 



303. 



Hext. in a step 305, some ot the coding units of the image coded 
ITstep 303 are encrypted using some suitable encryptxonmethod. 

and the coding units which are not encrypted are merg 
single bit stream. 

„•„ 4 a flow chart illustrating a client-server process, 
in Fxg. 4, a flow cna acc0 rding to the method as 

wh en transmitting - -ge -coded accord ^ ^ ^ 

scribed in ^ client 4.1 - tnen issue 

r^esHrr n ~er « - . particular image, step 



405. 



.03 replies by transmitting the coding unxts of the 
The server 403 replies by ^ encrypted 

ima ge which are not encrypted, step 4 ^ 
coding units can be decoded by the clxent who ^ ^ 

access to a low resolution version or a part ^ 
Based on this information the clxent -y ^ ^ 

the image in a higher resolutxon or the full 
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client transmits a request to the server requesting such 
information, step 409. 

The server replies by sending a request to the client requesting 
the client to agree to the conditions for transmitting the 
higher resolution version of the image, step 411. If the client 
agrees via a message 413, e.g. comprising a card number or 
account number from which to bill the cost for the image, the 
server sends the encrypted coding units together with a key word 
by means of which the encrypted coding units can be decrypted, 
step 415. A secure method for key distribution should be used. 
Examples of such secure methods are described in W. Stallings 
-Data and computer Communications", p 635 -637, Prentice-Hall 
1997 fifth edition ISBN 0-13-571274-2. 

If the client already has access to the unencrypted and 
encrypted coding units, for example if he has purchased a CD-ROM 
with images coded as described herein. The scheme as described 
in conjunction can be modified so that no image data is 
transmitted. Instead the client only agrees to conditions set by 
the server in order to have access to the key word(s) 
required to decrypt the encrypted coding units of the CD-ROM. 

in the case when the method and device as described herein is 
US ed when encoding image according to the JPEG 2000 standard ,t 
is advantageous if the JPEG 2000 standard does not **£^T 
encryption methods. An Encryption Header 

image header or optionally an Encryption Tag that is merg 
the JPEG 2000 Tags can instead be used to specify how coding 
units are decrypted. 

in such an embodiment the JPEG 2000 image header contains an 

1 \. vlaa (EF) EF is then set if any coding unit is 
Encryption Flag (EF) EF i ^ fco 

encrypted. An Encryption Header kwi 

encrypu , encryp tion information can 

the JPEG 2000 image header ana encrypt 
optionally be merged into JPEG 2000 Tags. 

in Fig . S an encryption header is shown. The Encryption Header 
can in such an embodiment contain the following symbols. 
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1) Encryption Mode (EM) . A set of standard encryption modes are 
defined e.g. 

a) One encryption method is used for all coding units 

b) Bitplanes of less significance than bitplane X are encrypted 

c) Subbands of higher resolution than Y are encrypted 

d) ROIs specified in are encrypted, etc. 

No encryption information need to included in the Tags if an EM 
is defined. 

2) Encryption Mode Parameters (BMP). Parameters (X, Y. ...) that 
are used to define the Encryption Mode are set here. 

3) Number of encryption methods used. Several encryption methods 
can be used within the same image if e.g. different user groups 
should be allowed to see different image content. 

4) One Encryption Method Descriptor (END) for each encryption 
method. The EMD defines any data that is needed by the 
encryption/decryption module. The type of encryption 

is defined. A typical use of EMD will be to include a keyword 
iLrls encrypt" by a public key algorithm. The user supplies a 
private key for decrypting the enclosed encrypted key ™ e 
decrypted key is used by a fast decryption algorithm to decrypt 
iTagTcoding units. The order of the EMDs t0 
eac' encryption method. This number is used xn DES symbols. 

5) T he bitstream must for each coding unit specify if it is 
encrypted and if so by what method. Thxs xs done by setting 
Unit Encryption State (DES) symbol per codxng unxt . These 
symbols co!ld either be collected in the encryptxon heade or 
amatively be distributed in ^ ^^^^ we 
t-aas If the DES information xs kept xn the encryp 
tags, xi »-iie u ct . a f 0 (ps) ES consxsts of 

define a header element - Encryptxon State (ES) ^E 
a series of OES symbols that are listed rn the same 
ooding units appears in the bit stream. 

„ EF is set and the Encryption State is not given in the 
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header. JPEG 2000 Tags can be expanded to contain Onit 

Encryption State (DBS) symbols. USS defines which 

^etncl. i£ any, that is used for encrypting the next codxng 

unit . 

The transform coefficients belonging to a ROI can be handled as 

described above. They can be completely or partially 

by selecting appropriate coding units belonging to the ROI for 

encryption. 

The main problem is that the shape of the ROI might reveal the 
content. If the shapes are encrypted it is. however, drffrcult 
to show a reduced quality image since it is difficult to 
interpret the coded transform coefficients. 

This problem can be solved by defining a so called cloaxing 
Ihape (c-shape). Thus, the real shape of one or several ROIs are 
shape ic P c -shape. The c-shape is designed to 

completely enclosed in tne c v ,„„«,<-- 

normal sensitive image content. A sr»ple example of 

shape is a bounding box. 

T?rvr in the JPEG 2000 bit 

stream- The c-shape is cod Verific ation Model 

Charilaos ^-topoulos (edJ , ^ ^ 
Version 2.0. According to the technxqu 2ooo 
thl. would result in that the shape is defmed 



header. 



A masK is created using the ^"{^J^ °™ crypt ed 
coefficients belonging to the c-shape rs coded ^ 
usi ng the method as described herein. ™£ m shielded 
al l coefficients belonging to any of the RO ^ ^ ^ 

by the c-shape are encrypted. The text 
protected by encryption. 

The shape of ^^^^^ ~ 
encryptron ^f^f *" C ™ lth the corresponding c-shape. 

SUBSTITUTE SHEET (RULE 26) 



PCT/SE99/02106 

WO 00/31964 

11 

shap e can be displayed as a blan* region. The original KOIs can 
be decoded if the Keyword is Known. This is done by 
the coefficients belonging to the c-shape. The shape of each HOI 
belonging to the =-shape is also decrypted. The bit™ can 
now be rearranged so that the c-shape is dropped and the 
original ROI data structures are restored. Bote that thrs rs 
done in the compressed domain. 

The mas* that is used for encoding a ROI is not 

in JPEG 2000. A mask that is sufficiently large so that 

is encoded lossless will often cover the whole lower subbands. A 

m ask that is not allowed to expand will lead to a lossy encoding 

of the ROI. The masks belonging to different ROIs or to a ROI 

and the background can be designed to overlap. This means that 

some coefficients are encoded in more than one 

overlap will lead to a reduced overall compression but the ROIs 
Te mfre independent so that any ROI can be accessed and decoded 
with a good visual result. 

The — encryption ^^^1^^ 

j* i-hp choice of masK as xony « 

dependent of the chox ^constructed from the 

so that the content of a ROI cannot building a 

d^t background . A method tor Dunui«y 
content of any other ROI or backgr bed in charilaos 

ttask that hides the content of the ROI ,s des 
Christopoulos <ed.). JPEG 2000 Verification Model 

.v, * and device as described herein storage and 
By using the method and deV ~\ enC rypted images is 

bandwidth ^7;;%:^ and processing of 

reduced. Furthermore, ob^ec Jb ^ ^ encrypted . 

encrypted ^^"J^^crwt- and the original 
Also, the shape of a ROI can corap ressed domain, 

object can be decrypted and restorea 

^ o t-Yiat encryption does not need to be 
mother advantage is the image. Thus, since 

performed at the same time J ^ (at the 

bitstream syntax) xtxs p ormed just before 

encryption. The ™£J (t ranscoder) . In this case, 

transmitting the image by a parser 
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if the encryption increases the bitrete. which will ^* ~~ 
if the encryption is place* in the TAGS, the rncrease rn b trate 
is avoided ind the encryption information is only added before 
transmitting it- 
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CLAIMS 



1. A method of partially encrypting image data comprising the 

steps of: . 

- coding the image data using an encoding algorithm generating 

independently decodable coding units, 

- encrypting at least one of the coding units, and 

_ merging coding units which are not encrypted with coding units 
which are encrypted into a combined bitstream. 

2 A method according to claim 1, characterized in that the not 
encrypted coding units correspond to a low resolution version of 
the image data. 

3 a method according to any of claims 1-2, characterized in 
that different coding units are encrypted using different coding 
methods • 

4. A method according to any of olaims 1 - 3 f characterized in 
that an encryption flag, which indicates if a coding unit is 
encrypted, is inserted in the bit stream. 

5 A method according to any of claims 1-4, when information 
corresponding to a Region of interest is enCT ^ ed ' 
characterized in that the shape of the region of interest 
enclosed in a cloaking shape. 

,. A device for partial encryption of data charact^isad 

Cleans for coding the i-ge data according to an encoding 
algorithm generating independently decodable coding units. 
-Tana connected to the coding Beans for encrypting at least 

one of the coding ^ ^ ^ m not enoryP ted with 
- means for merging coding units wmc bitstreM >. 
coding units which are encrypted, as a combined bitstre 

JiM t o olaim 6, characterised by means for 
to a low resolution version of the image data. 
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8. ft device according to any o£ claims , - 7, f>»*«" * 
means for- encrypting a±«—* «-!»• ■**• USing 

coding methods. 

9 . x device according to any of claims . - t. ^"^f * 
Lans for inserting an encryption flag, which indicates if a 
coding unit is encrypted, in the bit stream. 

10 . ft device according to any of claims . - 9, W 
m eans for enclosing e region of interest shape xn a cloaKmg 

shape. 
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